flink on k8s
1.修改host文件
vi /etc/hosts
添加如下内容 这样搭集群的时候就不用记ip了
#::1 localhost localhost.localdomain localhost6 localhost6.localdomain6127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
165.154.221.97 tlb-001 k8s01 k8s-master-01
165.154.187.67 tlb-002 k8s02 k8s-master-02
165.154.104.175 tlb-003 k8s03 k8s-node-01
123.58.199.75 tlb-004 k8s04 k8s-node-02
165.154.105.68 tlb-005 k8s05 k8s-vip
2.配置免密登录
每台机器上都执行
ssh-keygen -t rsa
ssh-copy-id -i ~/.ssh/id_rsa.pub k8s01
ssh-copy-id -i ~/.ssh/id_rsa.pub k8s02
ssh-copy-id -i ~/.ssh/id_rsa.pub k8s03
ssh-copy-id -i ~/.ssh/id_rsa.pub k8s04
ssh-copy-id -i ~/.ssh/id_rsa.pub k8s05
3.多机器批量执行脚本编写并使用
#!/bin/bash
# 检查参数数量
if [ "$#" -ne 2 ]; then
echo "用法: $0 '主机列表' '命令列表'"
echo "示例: $0 'k8s01 k8s02 k8s03 k8s04 k8s05' 'cd /aaa/bbb;mkdir ccc'"
exit 1
fi# 获取参数
HOSTS=$1
COMMANDS=$2# 将主机列表转换为数组
IFS=' ' read -r -a HOST_ARRAY <<< "$HOSTS"# 创建日志目录
LOG_DIR="logs_$(date +%Y%m%d%H%M%S)"
mkdir "$LOG_DIR"# 遍历主机并在每台机器上执行命令
for HOST in "${HOST_ARRAY[@]}"; do
{
echo "在 $HOST 上执行命令..."
ssh "$HOST" "$COMMANDS"
echo "$HOST: 命令执行完毕。"
} | tee "$LOG_DIR/$HOST.log" & # 将输出同时发送到日志文件和控制台
done# 等待所有后台任务完成
waitecho "所有命令执行完毕,日志保存在 $LOG_DIR 目录中。"
4 批量执行安装防火墙并关闭
/opt/juege/shell-scripts/batch-execute.sh 'k8s01 k8s02 k8s03 k8s04 k8s05' 'yum install firewalld -y;systemctl stop firewalld;systemctl disable firewalld;systemctl status firewalld'
5.安全策略级别设置
/opt/juege/shell-scripts/batch-execute.sh 'k8s01 k8s02 k8s03 k8s04 k8s05' '
getenforce;setenforce 0;getenforce'
6.批量文件传输脚本
#!/bin/bash
# 检查参数数量
if [ "$#" -ne 3 ]; then
echo "用法: $0 '服务器列表' '要传输的文件路径' '远程目标目录'"
echo "示例: $0 'k8s01 k8s02 k8s03 k8s04 k8s05' /path/to/file /remote/directory"
exit 1
fi# 获取参数
SERVERS=$1 # 服务器列表
SOURCE_FILE=$2 # 本地文件路径
REMOTE_DIR=$3 # 远程目录# 将服务器列表转换为数组
IFS=' ' read -r -a SERVER_ARRAY <<< "$SERVERS"# 遍历服务器并将文件传输到每个服务器的指定目录
for SERVER in "${SERVER_ARRAY[@]}"; do
echo "正在将文件 $SOURCE_FILE 传输到 $SERVER:$REMOTE_DIR..."
# 使用 scp 传输文件到远程服务器
scp "$SOURCE_FILE" "$SERVER:$REMOTE_DIR"
if [ $? -eq 0 ]; then
echo "文件成功传输到 $SERVER:$REMOTE_DIR"
else
echo "文件传输到 $SERVER 失败!"
fi
doneecho "所有传输任务完成。"
6.设置swap分区
设置swap分区、关闭大页面压缩(所有节点)——性能考虑
Linux中Swap分区(即:交换分区),类似于Windows的虚拟内存,就是当内存不足的时候,把一部分硬盘空间虚拟成内存使用,从而解决内存容量不足的情况。
在大数据应用中,使用Swap分区会降低性能,通常需要关闭掉
脚本如下
执行批量传输命令
./transfer_file.sh 'k8s02 k8s03 k8s04 k8s05' /opt/juege/shell-scripts/close-swap-and-transparent-page.sh /opt/juege/shell-scripts
#!/bin/bash
# 设置 swappiness 为 0
sysctl vm.swappiness=0
echo 'vm.swappiness=0' >> /etc/sysctl.conf
sysctl -p# 关闭当前 swap 分区
swapoff -a
# 注释掉 /etc/fstab 中的 swap 行
sed -i '/swap/s/^/#/' /etc/fstab# 禁用透明大页面
echo never > /sys/kernel/mm/transparent_hugepage/defrag
echo never > /sys/kernel/mm/transparent_hugepage/enabled# 添加到 /etc/rc.local 以永久禁用透明大页面
echo 'echo never > /sys/kernel/mm/transparent_hugepage/defrag' >> /etc/rc.local
echo 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' >> /etc/rc.local# 确保 /etc/rc.local 是可执行的
chmod +x /etc/rc.localecho "Swap 分区已关闭,透明大页面已禁用,Swappiness 已设置为 0。"
7.ntp设置
/opt/juege/shell-scripts/batch-execute.sh 'k8s01 k8s02 k8s03 k8s04 k8s05' '
yum -y install ntp'
vi /etc/ntp.conf (k8s01执行)
driftfile /var/lib/ntp/driftrestrict 165.154.221.97 mask 255.255.255.0 nomodify notrapserver ntp.aliyun.comfudge ntp.aliyun.com stratum 10# Enable public key cryptography.#cryptoincludefile /etc/ntp/crypto/pw# Key file containing the keys and key identifiers used when operating# with symmetric key cryptography.keys /etc/ntp/keys# Specify the key identifiers which are trusted.#trustedkey 4 8 42# Specify the key identifier to use with the ntpdc utility.#requestkey 8# Specify the key identifier to use with the ntpq utility.#controlkey 8# Enable writing of statistics records.#statistics clockstats cryptostats loopstats peerstats# Disable the monitoring facility to prevent amplification attacks using ntpdc# monlist command when default restrict does not include the noquery flag. See# CVE-2013-5211 for more details.# Note: Monitoring will not be disabled with the limited restriction flag.disable monitor
其它节点执行
driftfile /var/lib/ntp/driftserver k8s01# Enable public key cryptography.#cryptoincludefile /etc/ntp/crypto/pw# Key file containing the keys and key identifiers used when operating# with symmetric key cryptography.keys /etc/ntp/keys# Specify the key identifiers which are trusted.#trustedkey 4 8 42# Specify the key identifier to use with the ntpdc utility.#requestkey 8# Specify the key identifier to use with the ntpq utility.#controlkey 8# Enable writing of statistics records.#statistics clockstats cryptostats loopstats peerstats# Disable the monitoring facility to prevent amplification attacks using ntpdc# monlist command when default restrict does not include the noquery flag. See# CVE-2013-5211 for more details.# Note: Monitoring will not be disabled with the limited restriction flag.disable monitor
/opt/juege/shell-scripts/batch-execute.sh 'k8s01 k8s02 k8s03 k8s04 k8s05' '
service ntpd restart;systemctl enable ntpd.service'
ntpdc -c loopinfo